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(54) NETWORK SYSTEM 



(57) MTID of a terminal apparatus is preliminarily 
registered into a database of an ISP. In step S2, when 
a power source of the terminal apparatus is turned on 
first, (MTID = B) is transmitted from the terminal appa- 
ratus to a router. A transmission signal is received by 
the router and (HGWID = A, MTID = B) is transmitted 



from the router to the ISP. If (HGWID = A, MTID = B) 
has been registered in the database, the ISP transmits 
a permission message in step S5. In step S6 : an IP ad- 
dress for a new terminal apparatus is allocated and the 
new terminal apparatus can participate in a homenet- 
work. If (HGWID = A, MTID = B) is not registered, a re- 
fusal message is sent to the router 
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Description 

Technical Field 

[0001] The invention relates to a network system, a 
connecting apparatus, a connecting method, a network, 
a router, a terminal apparatus, a communicating meth- 
od, a program, and a recording medium which can be 
applied to a case of connecting the network in a home 
to the Internet. 

Background Art 

[0002] Contents transmitted into a home via the Inter- 
net is usually sent to a personal computer. Compression 
music data, image data, and the like which were down- 
loaded are stored into the personal computer. The user 
tries to reproduce those contents which arrived at the 
personal computer by an AV (audio and/or visual) ap- 
paratus other than the personal computer. However, if 
a network in the home does not exist, it is difficult to re- 
alize such a request. 

[0003] As network architectures, an Internet protocol 
system called TCP/IP (Transmission Control Protocol/ 
Internet Protocol) used in the Internet and an OS I (Open 
System Interface) basic reference model have been 
known. The OSI reference model comprises seven lay- 
ers. The first layer is a physical layer. The second layer 
is a data link layer. The third layer is a network layer. 
The fourth layer is a transport layer. The fifth layer is a 
session layer. The sixth layer is a presentation layer. The 
seventh layer is an application layer. In the physical lay- 
er, a physical mutual connection is made. Data is han- 
dled as a bit train here. In the data link layer, a physical 
communication path to a communication partner is as- 
sured and a competition control or the like is performed. 
Data is handled here as a unit such as a frame or the 
like which has been more structured. 
[0004] The TCP/IP comprises four concept layers: a 
network interface layer, an Internet layer, a transport lay- 
er, and an application layer. Those layers are construct- 
ed on the physical layer. They can be made to corre- 
spond to those of the OSI reference model as follows: 
the data link layer -> the network interface layer; the net- 
work layer the Internet layer; the transport layer — » 
the transport layer; the session layer, presentation layer, 
application layer -> the application layer. The network 
interface layer is a layer for assuring communication in 
one subnetwork. For example, a PPP (Point-to-Point 
Protocol), for making communication between two 
points corresponds to the network interface layer. 
[0005] The PPP (Point-to-Point Protocol) is a protocol 
which is used as a standard protocol by a dial-up IP con- 
nection. Data communication by a plurality of protocol 
authentication is provided by a line which is connected 
in a one-to-one correspondence relation. As a connect- 
ing procedure, a link is established via 1) a link estab- 
lishing request, 2) authentication of a connecting per- 
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son. and 3) an information exchange of every protocol. 
[0006] As networks In the home, wire transmission 
systems such as IEEE (Institute of Electrical and Elec- 
tronics Engineers) 1 394, Ethernet, and the like, and sev- 
5 eral wireless transmission systems have been pro- 
posed. As wireless transmission systems, IEEE802.11 , 
Bluetooth (trademark), Wireless 1394, and the like have 
been proposed. The networks in the home according to 
those various transmission systems construct an LAN 
10 (Local Area Network). 

[0007] In recent years, the number of terminal appa- 
ratuses which are connected to the network in the home 
has been increasing. Each terminal apparatus is not lim- 
ited to communication which is merely made to a spe- 
is cific target but is also connected to the Internet and can 
be also referred to from a network over the LAN. In order 
to allow the terminal apparatus to participate in such a 
network, there Is needed a terminal apparatus called a 
router for at least allowing information to pass from one 
LAN to another LAN and enabling an information ex- 
change with another terminal apparatus in the network 
to which the relevant terminal apparatus has been con- 
nected. 

[0008] Although the setting of routing of the router is 
performed by the user, since the setting operation is 
technical and expert, when the user newly connects a 
terminal apparatus, it is necessary to execute the trou- 
blesome setting operation. 

[0009] The foregoing general network architecture, 
for example, the TCP/IP protocol is also applied to the 
homenetwork. In the case where the homenetwork is 
awireless network, in order to prevent the third person 
from looking surreptitiously, it is desirable to perform an 
authentication encryption at the level of the data link lay- 
er. Since the setting operation of the router having the 
wireless data link for such a purpose is technical and 
expert, when the user newly connects a terminal appa- 
ratus, it is necessary to execute the troublesome setting 
operation. 

[0010] Further, from a point of protection of personal 
information, it is demanded that the homenetwork is a 
secure network. Hitherto, a firewall has been provided 
between the public network and the private network. 
This is because it is intended to prevent a person called 
a cracker who invade Illegally the network. However, 
such a homenetwork depends on the provided firewall 
and the homenetwork does not become open, so that 
there is a problem such that it becomes an obstacle in 
case of developing a variety of kinds of applications. 
[0011] It is, therefore, the first object of the invention 
is to provide a network system for enabling the user to 
easily connect a terminal apparatus to a router. 
[0012] The second object of the invention is to provide 
a network system for enabling authentication at a data 
link level although the setting operation of a router hav- 
ing a wireless data link is unnecessary. 
[001 3] The third object of the invention is to provide a 
network system which can construct a secure network 
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without providing a firewall. 

Disclosure of Invention 

[0014] To solve the above problems, according to the 
invention of Claim 1 , there is provided a network system 
comprising: a router for permitting or refusing a connec- 
tion on the basis of one identifier which a terminal ap- 
paratus has; and a database in which the router and the 
terminal apparatus connected thereto have previously 
been associated, 

wherein when there is a connecting request from 
the terminal apparatus, the database is referred to on 
the basis of the request and in the case where a corre- 
spondence of the router and the terminal apparatus has 
been recorded in the database, the connection of the 
terminal apparatus which is connected is permitted. 
[0015] According to the invention of Claim 2, there is 
provided a connecting apparatus in which a network in- 
cluding a router and one or more terminal apparatuses 
is provided on a terminal side and which provides a serv- 
ice for connecting to the Internet to the terminal side, 
comprising: 

a database in which a correspondence relation be- 
tween an identifier of the router and identifiers of the 
terminal apparatuses which are connected to the 
network has been registered, 

wherein when a terminal apparatus is newly con- 
nected to the network, whether a correspondence rela- 
tion between an identifier of the router which is sent from 
the user's side and an identifier of the terminal appara- 
tus exists in the database or not is discriminated, and 

at least one of permission information which is 
formed when the correspondence relation exists and 
used to permit the connection of the new terminal appa- 
ratus to the network and refusal information which is 
formed when the correspondence relation does not exist 
and used to refuse the connection of the new terminal 
apparatus to the network is transmitted to the terminal 
side. 

[0016] According to the invention of Claim 5, there is 
provided a connecting method in which a network in- 
cluding a router and one or more terminal apparatuses 
is provided on a terminal side and which provides a serv- 
ice for connecting to the Internet to the terminal side, 
wherein 

a database in which a correspondence relation be- 
tween an identifier of the router and identifiers of the ter- 
minal apparatuses which are connected to the network 
has been registered, 

when a terminal apparatus Is newly connected to 
the network, whether a correspondence relation be- 
tween the identifier of the router which is sent from the 
user's side and an identifier of the terminal apparatus 
exists in the database or not is discriminated, and 

at least one of permission information which is 



4 

formed when the correspondence relation exists and 
used to permit the connection of the new terminal appa- 
ratus to the network and refusal information which is 
formed when the correspondence relation does not exist 
5 and used to refuse the connection of the new terminal 
apparatus to the network is transmitted to the terminal 
side. 

[0017] According to the invention of Claim 8, there is 
provided a network which is constructed by a router hav- 
10 hg one identifier and one or more terminal apparatuses 
each having one identifier and connected to an Internet 
connecting apparatus via the router, wherein 

when a terminal apparatus is newly connected to 
the network, a correspondence relation between the 
15 Identifier of the router and an identifier of the terminal 
apparatus is transmitted to the Internet connecting ap- 
paratus, at least one of permission information and re- 
fusal information formed by the Internet connecting ap- 
paratus on the basis of a result of a discrimination with 
reference to a database is received, and 

the terminal apparatus can be newly connected 
only in the case where a fact that the correspondence 
relation exists in the database is shown by at least one 
of the permission information and the refusal informa- 
tion. 

[001 8] According to the invention of Claim 1 1 , there is 
provided a program for a network which is constructed 
by a router having one identifier and one or more termi- 
nal apparatuses each having one identifier and connect- 
ed to an Internet connecting apparatus via the router, 
wherein 

the program allows the network to execute: 

a procedure for, when a terminal apparatus is newly 
connected to the network, transmitting a corre- 
spondence relation between the identifier of the 
router and an identifier of the terminal apparatus to 
the Internet connecting apparatus; 
a procedure for receiving at least one of permission 
information and refusal information formed by the 
Internet connecting apparatus on the basis of a re- 
sult of a discrimination with reference to a database; 
and 

a procedure for newly connecting the terminal ap- 
paratus only in the case where a fact that the cor- 
respondence relation exists in the database is 
shown by at least one of the permission information 
and the refusal information. 

[0019] According to the Invention of Claim 12, there 
is provided a recording medium on which a program for 
a network which is constructed by a router having one 
identifier and one or more terminal apparatuses each 
having one identifier and connected to an Internet con- 
necting apparatus via the router has been recorded, 
wherein 

the program allows the network to execute: 



EP 1 372 301 A1 



25 



30 



35 



40 



45 



50 



3 



5 

a procedure for, when a terminal apparatus is newly 
connected to the network, transmitting a corre- 
spondence relation between the identifier of the 
router and an identifier of the terminal apparatus to 
the Internet connecting apparatus; 
a procedure for receiving at least one of permission 
information and refusal information formed by the 
Internet connecting apparatus on the basis of a re- 
sult of a discrimination with reference to a database; 
and 

a procedure for newly connecting the terminal ap- 
paratus only in the case where a fact that the cor- 
respondence relation exists in the database is 
shown by at least one of the permission information 
and the refusal information. 

[0020] According to the invention, only in case of a 
combination of the router and the terminal apparatus 
which has been registered in the database provided for 
an Internet service provider, the connection is permitted 
to the network such as a homenetwork or the like. The 
user does not need to set the router by himself and can 
easily allow the terminal apparatus to participate newly 
in the network such as a homenetwork or the like. It is 
also possible to prevent an unregistered terminal appa- 
ratus from being connected to the network such as a 
homenetwork or the like, so that the security of the net- 
work can be improved. 

[0021 ] To solve the above problems, according to the 
invention of Claim 13, there is provided a network sys- 
tem in which a router and a terminal apparatus are con- 
nected in a wireless manner, wherein 

one identifier is recorded, a removable recording 
medium is provided, 

the recording medium is loaded into the router 
and, thereafter, attached to the terminal apparatus, and 

the router reads out the identifier, thereby allowing 
a link between the router and the terminal apparatus 
specified by the identifier to be established. 
[0022] According to the invention of Claim 1 6, there 
is provided a routerfor exchanging information between 
terminal apparatuses connected in a wireless manner, 
wherein 

one identifier is recorded, a removable recording 
medium is provided, the identifier is read out from the 
loaded recording medium, and 

a link with the terminal apparatus which is speci- 
fied by the identifier is established. 
[0023] According to the invention of Claim 19, there 
is provided a terminal apparatus for exchanging infor- 
mation in a wireless manner, wherein 

one identifier is recorded, a removable recording 
medium is detachably provided, the identifier is read out 
from the loaded recording medium, and 

a link is established by the identifier at the time of 
wireless communication. 

[0024] According to the invention of Claim 20, there 
is provided a communicating method in a network sys- 
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tern in which a router and a terminal apparatus are con- 
nected in a wireless manner, comprising: 

a step wherein one identifier is recorded and a re- 
5 movable recording medium is provided; 

a step wherein the recording medium is loaded into 
the router and the router reads out the identifier; 
a step wherein the recording medium is attached to 
the terminal apparatus and the terminal apparatus 
10 reads out the identifier; and 

a step wherein the router detects that the terminal 
apparatus is specified by the identifier, thereby es- 
tablishing a link between the router and the terminal 
apparatus. 

15 

[0025] According to the invention of Claim 21, there 
is provided a program for a network system in which a 
router, a terminal apparatus are connected in a wireless 
manner and one identifier is recorded, and a removable 
20 recording medium is provided, wherein 

the program allows the network system to exe- 
cute: 

a step wherein the recording medium is loaded into 
25 the router and the router reads out the identifier; 

a step wherein the recording medium is attached to 
the terminal apparatus and the terminal apparatus 
reads out the identifier; and 
a step wherein the router detects that the terminal 
30 apparatus is specified by the identifier, thereby es- 
tablishing a link between the router and the terminal 
apparatus. 

[0026] According to the invention of Claim 22, there 
35 is provided a recording medium on which a program for 
a network system in which a router and a terminal ap- 
paratus are connected in a wireless manner, one iden- 
tifier is recorded, and a removable recording medium is 
provided has been recorded, wherein 
40 the program allows the network system to exe- 

cute: 

a step wherein the recording medium is loaded into 
the router and the router reads out the identifier; 
45 a step wherein the recording medium is loaded into 
the terminal apparatus and the terminal apparatus 
reads out the identifier; and 
a step wherein the router detects that the terminal 
apparatus is specified by the identifier, thereby es- 
50 tablishing a link between the router and the terminal 
apparatus. 

[0027] According to the invention, the recording me- 
dium is loaded into the router and the router reads out 
55 the identifier on the recording medium, so that the au- 
thentication for allowing the router and the terminal ap- 
paratus which is specified by the identifier to communi- 
cate can be performed. Therefore, the user does not 
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need to execute the troublesome operation such as set- 
ting of the router or the like. 

[0028] Further, to solve the foregoing problems, ac- 
cording to the invention of Claim 23, there is provided a 
network system in which a server and a router are con- 5 
nected via a network and one or more terminal appara- 
tuses are connected to the router, wherein 

the server has a database in which a correspond- 
ence relation between an identifier of the router and 
identifiers of the terminal apparatuses connected to the 10 
network has been registered, 

when the first and second terminal apparatuses 
communicate with each other, the server is inquired 
about whether the identifiers of the first and second ter- 
minal apparatuses have been registered as a same is 
group onto the database or not, and 

when the correspondence relation exists, the first 
and second terminal apparatuses can communicate. 
[0029] According to the invention of Claim 26, there 
is provided a terminal apparatus which is connected to 20 
a network system, wherein 

when there is a communicating request from an- 
other terminal apparatus, an external server Is inquired 
about an identifier of such another terminal apparatus 
via a router, 25 

whether such another terminal apparatus belongs 
to a same group or not is discriminated with reference 
to a database of the server, and 

only when such another terminal apparatus be- 
longs to the same group, communication with such an- 30 
other terminal apparatus can be made. 
[0030] According to the invention of Claim 28, there 
is provided a communicating method in a network sys- 
tem in which a server and a router are connected via a 
network, one or more terminal apparatuses are connect- 35 
ed to the router, and the server has a database in which 
a correspondence relation between an identifier of the 
router and identifiers of the terminal apparatuses which 
are connected to the network has been registered, com- 
prising the steps of: 40 

when the first and second terminal apparatuses 
communicate with each other, inquiring of the serv- 
er about whether the identifiers of the first and sec- 
ond terminal apparatuses have been registered as 45 
a same group onto the database or not; and 
when the correspondence relation exists, determin- 
ing that the first and second terminal apparatuses 
can communicate. 

50 

[0031] According to the invention of Claim 31 , there 
is provided a program for a communicating method in a 
network system in which a server and a router are con- 
nected via a network, one or more terminal apparatuses 
are connected to the router, and the server has a data- 55 
base in which a correspondence relation between an 
identifier of the router and identifiers of the terminal ap- 
paratuses which are connected to the network has been 



registered, wherein 

the program allows the network system to execute 
the steps of: 

when the first and second terminal apparatuses 
communicate with each other, inquiring of the serv- 
er about whether the identifiers of the first and sec- 
ond terminal apparatuses have been registered as 
a same group onto the database or not; and 
when the correspondence relation exists, determin- 
ing that the first and second terminal apparatuses 
can communicate. 

[0032] According to the invention of Claim 32, there 
is provided a recording medium on which a program for 
a communicating method in a network system in which 
a server and a router are connected via a network, one 
or more terminal apparatuses are connected to the rout- 
er, and the server has a database in which a correspond- 
ence relation between an identifier of the router and 
identifiers of the terminal apparatuses which are con- 
nected to the network has been registered has been re- 
corded, wherein 

the program allows the network system to execute 
the steps of: 

when the first and second terminal apparatuses 
communicate with each other, inquiring of the serv- 
er about whether the identifiers of the first and sec- 
ond terminal apparatuses have been registered as 
a same group onto the database or not; and 
when the correspondence relation exists, determin- 
ing that the first and second terminal apparatuses 
can communicate. 

[0033] According to the invention, by referring to an 
identifier of a partner side with which communication is 
made, whether the partner's identifier belongs to the 
same group as a user's own identifier or not is discrim- 
inated for the database provided for the server. If it be- 
longs to the same group, it is determined that the au- 
thentication between the terminals is satisfied, so that 
the link is established. The secure network can be con- 
structed without implementing a firewall, and the 
homenetwork can be set to be open. 

Brief Description of Drawings 

[0034] 

Fig. 1 is a block diagram showing a construction of 
a network system according to the first embodiment 
of the invention. 

Fig. 2 is a block diagram showing an example of a 
construction of a router in the first embodiment of 
the invention. 

Fig. 3 is a flowchart for explaining processes in case 
of allowing a new terminal apparatus to participate 
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in a homenetwork in the first embodiment of the in- 
vention. 

Fig. 4 is a block diagram showing a construction of 
a network system according to the second embod- 
iment of the invention. 

Fig. 5 is a block diagram showing a construction of 
the network system in the second embodiment of 
the invention. 

Fig. 6 is a block diagram showing an example of a 
construction of a router in the second embodiment 
of the invention. 

Fig. 7 is a flowchart for explaining an authenticating 
process at a data link level in the second embodi- 
ment of the invention. 

Fig. 8 is a block diagram showing a construction of 
the network system in the second embodiment of 
the invention. 

Fig. 9 is a flowchartfor explaining a terminal authen- 
ticating process in the second embodiment of the 
invention. 

Fig. 10 is a block diagram showing a construction 
of the network system in the second embodiment 
of the invention. 

Fig. 11 is a block diagram showing a construction 
of the network system in the second embodiment 
of the invention. 

Best Mode for Carrying Out the Invention 

(First embodiment) 

[0035] An embodiment of the invention will be de- 
scribed hereinbelow. Fig. 1 shows an example of a sys- 
tem of the first embodiment of the invention. Reference 
numeral 1 denotes an Internet; 2 indicates an ISP (In- 
ternet Service Provider) connected to the Internet 1 . The 
ISP 2 has a mail server, a DNS (Domain Name System) 
server, a Proxy server, and the like, provides an ordinary 
Internet connecting function, and has a database 3 for 
authentication. 

[0036] Reference numeral 11 denotes a home; and 
12 indicates a home gateway, for example, a router. The 
ISP 2 and router 1 2 are connected by a bidirectional ac- 
cess line 4 such as ISDN (Integrated Services Digital 
Network) line, dedicated line, xDSL (x Digital Subscriber 
Line) like an ADSL (Asymmetric Digital Subscriber Line) 
or the like, optical fiber, or the like. In case of using the 
ISDN line as a bidirectional access line 4, a DSU (Digital 
Service Unit) (not shown) and a TA (Terminal Adapter) 
if necessary are inserted between the router 1 2 and the 
ISDN line. 

[0037] A service company of a cable television can be 
also connected by using a cable television line as a bi- 
directional access line 4. The service company distrib- 
utes audio and/or visual contents via a cable television 
base station and a digital set-top box provided in the 
home 11. Such a service company of the cable televi- 
sion is also a kind of ISP 2 for providing a service for 
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connecting to the Internet. 

[0038] In the embodiment, a homenetwork such as 
awireless LAN shown at reference numeral 13 is in- 
stalled in the home 11. IEEE802.11x including 

5 IEEE802.11 , Bluetooth, Wireless 1394, orthe likecan be 
used as a wireless LAN . The homenetwork 1 3 is not lim- 
ited to the wireless LAN but a wire LAN using a tele- 
phone line, a power line, or a cable can be also used. 
Further, the homenetwork 13 can also include a plurality 

10 of networks. For example, it is also possible to connect 
a cellular phone by the wireless LAN and connect the 
cellular phone to another apparatus by Bluetooth. 
[0039] A terminal apparatus 14 is connected to the 
homenetwork 13. Reference numeral 15 denotes a ter- 

15 minal apparatus to be newly connected to the homenet- 
work 13. A personal computer (desktop type or note- 
book-sized type), an audio apparatus such as a CD 
(Compact Disc) player orthe like, a television concern- 
ing apparatus such as tuner, display, orthe like, a video 

20 recorder/player such as a DVD (Digital Versatile Disc or 
Digital Video Disc) apparatus or the like, or a terminal 
apparatus such as a portable information apparatus or 
the like can be connected to the homenetwork 13. Fur- 
ther, household appliances such as air-conditioner, re- 

25 frigerator. and the like can be connected to the homenet- 
work 13. 

[0040] Various data is supplied from the ISP 2 via the 
router 12 to each of the terminal apparatuses connected 
to the homenetwork 13. For example, contents data 
30 such as audio data, video data, etc. is supplied to the 
router 12. At the same time, the terminal apparatuses 
connected to the homenetwork 13 can communicate 
with each other. 

[0041] Fig. 2 schematically shows a construction of 
35 the router 1 2. The router 1 2 comprises: a media access 
control unit 21; a route control unit 22; a wireless control 
unit 23; an inquiry unit 24; and an access line media ac- 
cess control unit 26. The media access control unit 21 
controls transmission of data to a transmission medium 
40 such as a wireless LAN (homenetwork 13). A plurality 
of terminal apparatuses 1 4 and 1 5 are mutually connect- 
ed by the wireless control unit 23 in a wireless manner. 
The route control unit 22 is connected to the bidirectional 
access line 4. The inquiry unit 24 communicates with 
45 the ISP 2 via the media access control unit 21 and route 
control unit 23 and inquires of the ISP 2 about permis- 
sion or refusal of connection of the new terminal appa- 
ratus 15. 

[0042] Each of the router 1 2 and the terminal appara- 
50 tuses 14 and 15 has one ID (identifier) in the ISP. The 
ID of the terminal apparatus is expressed by MTID and 
the ID of the router 12 is expressed by HGWID. 
[0043] Information of a combination of HGWID of the 
router 12 and MTID of the terminal apparatus has pre- 
ss viously been registered in the database 3 provided for 
the ISP 2. For example, a registering process to the da- 
tabase 3 is executed by a sales shop which sold the ter- 
minal apparatus. Specifically speaking, assuming that 
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HGWID of the router 1 2 is set to HGWID = A and MTID 
of the terminal apparatus 15 is set to MTID = B, when 
the user purchases the terminal apparatus 15, the user 
brings by himself a card in which HGWID of the router 
1 2 at home has been recorded to the shop. On the basis 5 
of information of the router and information of the termi- 
nal apparatus 1 5, the shop registers data showing a cor- 
respondence relation of (HGWID = A and MTID = B) into 
the database 3. A symbol added to the ID has a meaning 
for specifying each ID and does not denote a value of io 
the data. A data construction of the ID has a predeter- 
mined format such as a bit length or the like and, pref- 
erably, has been encrypted. 

[0044] The registering method into the database 3 is 
not limited to the above method. For example, if a con- is 
tract for sale has been made via the Internet 1 and ISP 
2, on the basis of the information of the router to which 
the terminal apparatus in which software for such com- 
munication has been implemented is connected, the 
ISP 2 or the receiving side of an order can register the 20 
data indicative of the correspondence relation between 
HGWI D of the router and MTID of the term inal apparatus 
into the database 3. 

[0045] A flow of processes which are executed at the 
time when the new terminal apparatus 15 is connected 25 
to the homenetwork 13 will be described with reference 
to Fig. 3. The flow of those processes corresponds to a 
program which is installed into the router 12 or another 
computer and which controls the homenetwork 13. As 
necessary, this program is recorded into a computer- 30 
readable recording medium. Step S1 relates to a proc- 
ess for preliminarily registering MTID of the terminal ap- 
paratus (TE) 1 5 into the database 3 as mentioned above 
and it is executed separately from subsequent process- 
es. 35 
[0046] In step S2, if the initial operation of the terminal 
apparatus 15, for example, the operation to first turn on 
a power source is executed in the home 11, the user 
transmits (MTID = B) from the terminal apparatus 15 to 
the router 12. A transmission signal of the terminal ap- 40 
paratus 15 is received by the wireless control unit 23 of 
the router 12. MTID is supplied to the inquiry unit 24 via 
the media access control unit 21 . 
[0047] The inquiry unit 24 can process a signal includ- 
ing MTID from the terminal apparatus 15 which is not 
registered yet into the homenetwork 13. In the inquiry 
unit 24, HGWID of the router 1 2 has been held. (HGWID 
= A and MTID = B) is transmitted from the inquiry unit 
24 to the ISP 2 via the route control unit 22, access line 
media access control unit 26, and bidirectional access so 
line 4 (step S3). 

[0048] The ISP 2 discriminates whether the combina- 
tion of the IDs (HGWID = A and MTID = B) has been 
registered in the database 3 or not by referring to the 
database 3. If it has been registered, that is, if matching ss 
is satisfied in step S4, the ISP 2 transmits a permission 
message to the router 12 via the bidirectional access 
line 4 in step S5. 



301 A1 12 

[0049] In the router 12, the permission message is 
sent to the inquiry unit 24 via the access line media ac- 
cess control unit 26, route control unit 22, and media 
access control unit 21 of the router 12. In step S6, in 
case of an IPv4 (Internet Protocol version 4), an IP ad- 
dress is allocated to the new terminal apparatus 15 by 
a DHCP (Dynamic Host Configuration Protocol, RFC 
2131). In case of IPv6, an IP network prefix is allocated. 
Thus, the new terminal apparatus 15 can participate in 
the homenetwork 1 3. Various settings which are neces- 
sary for connecting the terminal apparatus 15 to the 
homenetwork 13 are also executed by the permission 
message and the user himself hardly needs to perform 
the setting operation. 

[0050] If It is determined in step S4 that the combina- 
tion of the IDs (HGWID = A and MTID = B) is not regis- 
tered in the database 3 yet, a refusal message is sent 
to the inquiry unit 24 via the route control unit 22 and 
media access control unit 21 of the router 1 2 in step S7. 
In this case, since the router 1 2 recognizes that the new 
terminal apparatus is an apparatus which must not be 
connected to the homenetwork 13, this terminal appa- 
ratus cannot participate in the homenetwork 13. 

(Second embodiment) 

[0051] Fig. 4 shows an example of a system accord- 
ing to the second embodiment of the invention. Refer- 
ence numeral 101 denotes an Internet and 1 02 indicates 
an ISP (Internet Service Provider) serving as a server 
connected to the Internet 101 . The ISP 102 has a mail 
server, a DNS (Domain Name System) server a Proxy 
server, and the like, provides an ordinary Internet con- 
necting function, and has a database 103 for authenti- 
cation. 

[0052] Reference numeral 111 denotes a home; and 
112 indicates a home gateway, for example, a router. 
The ISP 1 02 and router 1 1 2 are connected by a bidirec- 
tional access line 104 such as ISDN (Integrated Servic- 
es Digital Network) line, dedicated line, xDSL (x Digital 
Subscriber Line) like an ADSL (Asymmetric Digital Sub- 
scriber Line) or the like, optical fiber, or the like. In case 
of using the ISDN as a bidirectional access line 104, a 
DSU (Digital Service Unit) (not shown) and aTA (Termi- 
nal Adapter) if necessary are Inserted between the rout- 
er 112 and the ISDN. 

[0053] A service company of a cable television can be 
also connected by using a cable television line as a bi- 
directional access line 104. The service company dis- 
tributes audio and/or visual contents via a cable televi- 
sion base station and a digital set-top box provided in 
the home 111. Such a service company of the cable tel- 
evision Is also a kind of ISP 102 for providing a service 
for connecting to the Internet. 

[0054] In the embodiment, a wire LAN shown at ref- 
erence numeral 113 and a wireless LAN 114 are in- 
stalled in the home 111. The wire LAN 1 1 3 and wireless 
LAN 1 1 4 construct a homenetwork. IEEE802. 1 1 x includ- 
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ing IEEE802.11, Bluetooth, Wireless1394, or the like 
can be used as a wireless LAN 114. The homenetwork 
can also include another network. For example, it is also 
possible to connect a cellular phone by the wireless LAN 
and connect the cellular phone to another apparatus by 5 
Bluetooth. Although the invention is characterized by a 
connection control of an apparatus which is connected 
in a wireless manner, the embodiment will be described 
with respect to an apparatus which exists mixedly with 
an apparatus which is connected by a wire. 
[0055] Terminal apparatuses TE1 , TE2, and TE3 are 
connected to the wire LAN 1 1 3. TE4 denotes a terminal 
apparatus to be newly connected to the wireless LAN 
114. A personal computer (desktop type or notebook- 
sized type), an audio apparatus such as a CD (Compact 
Disc) player or the like, a television concerning appara- 
tus such as tuner, display, or the like, a video recorder/ 
player such as a DVD (Digital Versatile Disc or Digital 
Video Disc) apparatus or the like, or a portable informa- 
tion apparatus, or the like can be connected as a termi- 
nal apparatus. Further, household appliances such as 
air conditioner, refrigerator, and the like can be connect- 
ed to the homenetwork. 

[0056] Various data is supplied from the ISP 102 via 
the router 112 to each of the terminal apparatuses con- 
nected to the wire LAN 113 and wireless LAN 114. For 
example, contents data such as audio data, video data, 
etc. is supplied to the router 112. At the same time, the 
terminal apparatuses connected to the wire LAN 113 
and/or the wireless LAN 114 can communicate with 
each other. 

[0057] In case of the homenetwork which is managed 
by the ISP 102, each terminal apparatus has one iden- 
tifier in the ISP. The ISP 102 preliminarily records the 
identifier onto a recording medium (that is, removable 
recording medium) which is detachable to/from the ter- 
minal apparatus. As a recording medium, it is possible 
to use an information recording medium which can gen- 
erally hold information, such as IC card (also called a 
memory card) for recording information into a flash 
memory, magnetic card for recording information onto a 
magnetic material, plastic card for recording information 
as a graphic pattern such as a bar code or the like, or 
the like. In the embodiment, the IC card is used. The IC 
card can also have a function of an LAN card or the like 
in addition to a function for holding the identifier. The 
router 1 1 2 also has an identifier (ID:0) of the router itself. 
[0058] The IC card in which the identifier (ID) has 
been recorded is detachable to/from the router 112 and 
each terminal apparatus. (ID: 1 ) is recorded in an IC card 
MS1 loaded into the terminal apparatus TE1. (ID:2) is 
recorded in an IC card MS2 loaded into the terminal ap- 
paratus TE2. (ID:3) is recorded in an IC card MS3 load- 
ed into the terminal apparatus TE3. Further, ID:4) is re- 
corded in an IC card MS4 which is loaded into the ter- 
minal apparatus TE4. A numeral added to the ID has a 
meaning for specifying each ID and does not denote a 
value of the data. A data construction of the ID has a 



predetermined format such as a bit length or the like 
and, preferably, has been encrypted. 
[0059] If the user intends to connect the terminal ap- 
paratus TE4 to the wireless LAN 114, he requests the 
ISP 102 to issue a new identifier (ID:4). That is, the user 
receives distribution of the I C card MS4 on which such 
an identifier has been recorded. Fig. 4 shows a stage at 
which the user obtained the IC card MS4. As shown in 
Fig. 5, the IC card MS4 is loaded into the router 112. 
The router 112 reads out the identifier (ID:4) from the IC 
card MS4 and stores it into the router 112. In other 
words, (ID: 4) is previously registered into the router 112. 
[0060] After completion of the reading of the identifier 
and storing into the router 112, the IC card MS4 is re- 
moved from the router 112 and loaded again into the 
terminal apparatus TE4. When the terminal apparatus 
TE4 communicates with the router 112, by transmitting 
the identifier (ID:4), authentication at the data link level 
between the router 1 12 and the terminal apparatus TE4 
is performed. It is also possible to generate an encryp- 
tion key by using the identifier (ID:4) and encrypt con- 
tents of communication as necessary. 
[0061] As mentioned above, by inserting the IC card 
MS4 into the router 1 1 2 and, subsequently, inserting the 
IC card MS4 into the terminal apparatus TE4, the au- 
thentication at the data link level can be performed. 
Thus, it is possible to prevent an unauthorized person 
from looking surreptitiously the contents of the commu- 
nication of the wireless LAN 114. That is, it is possible 
to prevent the third person from connecting to the wire- 
less LAN 1 from the outside of the house where the rout- 
er 112 has been installed. Further, in the embodiment, 
for the purpose of performing the terminal authentica- 
tion, the correspondence relation between the ID of the 
router and the ID of the terminal apparatus has been 
registered onto the database 3 which the ISP 102 has. 
The ID of the router 11 2 is expressed by HGWID. 
[0062] Information of a combination of HGWID of the 
router 112 and the ID of the terminal apparatus has pre- 
viously been registered in the database 103 provided 
for the ISP 102. For example, a registering process to 
the database 1 03 is executed by the ISP 1 02 and a sales 
shop when the terminal apparatus is sold. For example, 
when the user purchases the terminal apparatus TE4, 
the user brings by himself a card in which HGWID of the 
router 112 at home has been recorded to the shop. On 
the basis of information of the router and information of 
the IC card MS4, the shop registers data showing a cor- 
respondence relation of (HGWID : 0, ID : 4) into the da- 
tabase 1 03. Together with the terminal apparatus TE4, 
the user obtains the IC card MS4 on which (ID : 4) has 
previously been recorded. 

[0063] Naturally, the registering method Into the data- 
base 1 03 is not limited to the above method. For exam- 
ple, if a sales contract has been made via the Internet 
1 01 and ISP 1 02, on the basis of the information of the 
router to which the terminal apparatus in which software 
for such communication has been implemented is con- 
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nected, the ISP 1 02 or the receiving side of an order can 
register the data indicative of the correspondence rela- 
tion between HGWID of the router and the ID of the ter- 
minal apparatus into the database 103. 
[0064] Fig. 6 schematically shows a construction of 
the router 112. The router 1 1 2 comprises: a wireless me- 
dia access control unit 121; a route control unit 122; 
awireless control unit 1 23; an inquiry unit 1 24; an IC card 
interface 125; an access line media access control unit 
1 26; and a wire media access control unit 1 27. The wire- 
less media access control unit 121 controls transmis- 
sion of data to the wireless LAN 114. The wire media 
access control unit 127 controls transmission of data to 
the wire LAN 113. 

[0065] A plurality of terminal apparatuses are mutual- 
ly connected in a wireless manner by the wireless con- 
trol unit 123. The route control unit 122 is connected to 
the bidirectional access line 104. The inquiry unit 124 
communicates with the ISP 102 via the wireless media 
access control unit 121 , route control unit 122, and ac- 
cess line media access control unit 126 and inquires of 
the ISP 102 about permission or refusal of connection 
of a new terminal apparatus. The IC card interface 125 
is an interface of the IC card and can read out the iden- 
tifier recorded in a predetermined format. Further, key 
data or the like can be recorded onto the IC card as nec- 
essary. 

[0066] The authenticating process at the data link lev- 
el will be described with reference to a flowchart of Fig. 
7. A flow of this process corresponds to a program which 
is installed into the router 1 1 2 or another computer and 
which controls the wireless LAN 1 1 4. As necessary, this 
program is recorded onto a computer-readable record- 
ing medium. However, step S1 0 relates to a process for 
previously registering the ID into the database 103 as 
mentioned above and it is executed separately from 
subsequent processes. 

[0067] In first step S1 1 , the IC card is inserted into the 
router 112. The identifier, for example, (ID:4) recorded 
in the IC card is read out via the IC card interface 125 
of the router 112. Subsequently, in step S12,the I C card 
is returned (loaded) into the terminal apparatus TE4. 
Upon communication, in step S13, the terminal appara- 
tus TE4 notifies the router 112 of (ID:4). The router 112 
recognizes that the terminal apparatus TE4 has the 
same ID as the read-out ID. In this manner, the authen- 
tication at the data link level between the router 112 and 
the terminal apparatus TE4 is satisfied in step S14. 
[0068] Subsequently, the terminal authentication is 
performed. The terminal authentication Is necessary ir- 
respective of the wire manner or the wireless manner 
and a secure network can be constructed without install- 
ing the firewall and performing packet filtering or the like. 
The terminal authentication will be described hereinbe- 
low. 

[0069] Fig. 8 shows a state where the IC cards MS1 . 
MS2. and MS3 have been loaded into the terminal ap- 
paratuses TE1, TE2, and TE3 connected to the wire 



LAN 113, respectively, and the identifiers recorded in 
those IC cards have been registered in the database 
1 03 of the ISP 1 02. As a method of registering the iden- 
tifiers of the terminal apparatuses connected to the wire 

s LAN 1 1 3 into the database 1 03, a method similar to that 
mentioned above can be used. 
[0070] A flow for the terminal authenticating process 
will be described with reference to Fig. 9. A flow of this 
process corresponds to a program which is installed into 

10 the router 112 or another computer and which controls 
the wire LAN 113 andwireless LAN 114. As necessary, 
this program is recorded onto a computer-readable re- 
cording medium. The registering process of the ID into 
the database has previously been executed. 

15 [0071 ] For example, a case where the terminal appa- 
ratus TE4 (ID:4) communicates with the terminal appa- 
ratus TE3 (ID:3) will be described as an example. In step 
S21 , the terminal apparatus TE4 requests the terminal 
apparatus TE3 to establish the link. In step S22, theter- 

20 minal apparatus TE3 which received this request in- 
quires of the ISP 102 via the router 112 about whether 
the terminal apparatus TE4 belongs to the same group 
or not. The inquiry unit 1 24 of the router 1 1 2 also trans- 
mits the identifier (ID:0) of the router 1 1 2 to the ISP 1 02 

25 in an interlocking relational manner. Desirably, the com- 
munication for authentication has been encrypted. 
[0072] In step S23, the ISP 1 02 refers to the database 
1 03. In step S24, whether (ID:3) and (ID:4) belong to the 
same group or not is discriminated. (1.2,3,4) have been 

30 registered as IDs in the database 103 with respect to 
(HGWID:0) (refer to Figs. 4 and 5). Therefore, it is de- 
termined that (ID:3) and (ID:4) belong to the same 
group. 

[0073] This result is transmitted from the ISP 102 to 
35 the router 112 via the bidirectional access line 104, ac- 
cess line media access control unit 126, and route con- 
trol unit 1 22 and, further, transmitted from the router 1 1 2 
to the terminal apparatus TE3. In case of the same 
group, the terminal authentication is satisfied (step 
40 S25). In step S26, the security between the terminal ap- 
paratuses TE3 and TE4 is established. If it is determined 
in step S24 that they do not belong to the same group, 
the terminal authentication is not satisfied (step S27). In 
this case, the security is not established (step S28). In 
45 order to assure the security of the homenetwork, if the 
IC card is pulled out from the terminal apparatus after 
the link was established, the establishment of the secu- 
rity is invalidated. 

[0074] Fig. 10 shows a situation where the terminal 
50 apparatus registered in a homenetwork of the third per- 
son has been connected to the user's own homenet- 
work. Another terminal apparatus is assumed to be 
TE10, its IC card is assumed to be MS10, and its iden- 
tifier is assumed to be (ID: 10). In this case, the IC card 
55 MS1 0 is loaded into the router 1 1 2, thereby allowing the 
router 112 to read out (ID: 10). Thus, the authentication 
at the data link level is satisfied. However, in the data- 
base 103 of the ISP 102, (ID: 10) is not registered as an 
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ID of the same group as that of the router 1 1 2 (HGW ID: 
0). Therefore, terminal authentication is not satisfied. 
[0075] This means that although the terminal appara- 
tus TE10 can be connected to the Internet 101 via the 
router 122 and to the homenetwork of that person, it can- 5 
not communicate with the terminal apparatus connected 
to the wire LAN 1 1 3 and wireless LAN 1 1 4. That is, there 
is an advantage such that the terminal apparatus having 
a mechanism for authentication at the data link level us- 
ing the IC card can communicate with the outside via 10 
another homenetwork having a similar mechanism. 
[0076] Further, Fig. 11 shows an example in which a 
terminal apparatus, for example, TE4 is brought to the 
outside of the home and communication is made via a 
public access point 131. The IC card MS4 on which (ID: is 
4) has been recorded has been loaded into the terminal 
apparatus TE4. In this case, however, since the IC card 
MS4 cannot be loaded to the router 112 existing at a 
remote position, the authentication at the data link level 
is omitted. However, the public access point 131 can 20 
have a construction such that previous registration of 
the identifier by the IC card can be accepted. 
[0077] The terminal apparatus TE4 can access the In- 
ternet 101 via the public access point 131 and, further, 
can communicate with the terminal apparatus of the 25 
homenetwork of his own home. In this case, the terminal 
authentication as mentioned above is executed. Only 
when the terminal authentication is satisfied, the secu- 
rity is established. As mentioned above, even in the ter- 
minal apparatus which is used by the homenetwork, it 30 
can be carried out to the outside of the home and used. 
[0078] The invention is not limited to the foregoing 
embodiment of the invention but many modifications 
and applications are possible within the scope without 
departing from the spirit of the invention. For example, 35 
although the foregoing embodiment has been described 
with respect to the example of the homenetwork the in- 
vention is not limited to the home but can be also applied 
to a network in a company. 

40 

Industrial Applicability 

[0079] According to the invention, the network system 
in which only a combination of the router and the termi- 
nal apparatus which has been registered in the data- 45 
base provided for the Internet service provider can be 
connected to the network can be realized. The user 
does not need to set the router by himself but can enable 
the terminal apparatus to participate newly in the net- 
work such as a homenetwork or the like. According to so 
the invention, it is possible to prevent the unregistered 
terminal apparatus from being connected to the network 
such as a homenetwork or the like, so that the security 
of the network can be improved. For example, a cellular 
phone which can be connected to the network can be 55 
limited to a cellular phone having a function for prevent- 
ing an illegal invasion from the outside. 
[0080] According to the invention, even in the case 



where the homenetwork is a wireless network, in order 
to prevent the third person from looking surreptitiously, 
the authentication at the data link level can be per- 
formed. The security can be improved by the terminal 
authentication. Further, there is an advantage such that 
the setting operation of the router or the like for such a 
purpose becomes unnecessary and it is sufficient to ex- 
ecute the loading and removing operations of the re- 
cording medium. 

[0081 ] Further, according to the invention, the secure 
network can be constructed without implementing the 
firewall. There is, consequently, an advantage such that 
a problem in which the homenetwork depends on the 
implemented firewall and the homenetwork does not be- 
come an open network does not occur. 



Claims 

1 . A network system comprising: 

a router for permitting or refusing a connection 
on the basis of one identifier which a terminal 
apparatus has; and 

a database in which the router and the terminal 
apparatus connected thereto have previously 
been associated, 

wherein when there is a connecting request 
from said terminal apparatus, said database is re- 
ferred to on the basis of said request and in the case 
where a correspondence of said router and said ter- 
minal apparatus has been recorded in said data- 
base, the connection of said terminal apparatus 
which is connected is permitted. 

2. A connecting apparatus in which a network includ- 
ing a router and one or more terminal apparatuses 
is provided on a terminal side and which provides a 
service for connecting to the Internet to the terminal 
side, comprising: 

a database in which a correspondence relation 
between an identifier of the router and identifi- 
ers of the terminal apparatuses which are con- 
nected to the network has been registered, 

wherein when a terminal apparatus is newly 
connected to said network, whether a correspond- 
ence relation between an identifier of the router 
which is sent from the user's side and an identifier 
of the terminal apparatus exists in said database or 
not is discriminated, and 

at least one of permission information which 
is formed when said correspondence relation exists 
and used to permit the connection of said new ter- 
minal apparatus to said network and refusal infor- 
mation which is formed when said correspondence 
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relation does not exist and used to refuse the con- 
nection of said new terminal apparatus to said net- 
work is transmitted to said terminal side. 

3. A connecting apparatus according to claim 2, 
wherein 

when the terminal apparatus is sold, the cor- 
respondence relation between the identifier of the 
router and the identifier of the terminal apparatus 
which is connected to the network is registered into 
said database. 

4. A connecting apparatus according to claim 2, 
wherein 

when an order is made via the Internet, the 
correspondence relation between the identifier of 
the router and the identifier of the terminal appara- 
tus which is connected to the network is registered 
into said database by a person who receives said 
order. 

5. A connecting method in a network system including 
a router and one or more terminal apparatuses on 
a terminal side, wherein said network system has a 
database in which a correspondence relation be- 
tween an identifier of the router and identifiers of the 
terminal apparatuses which are connected to a net- 
work has been registered, and in said network sys- 
tem, a service for connecting to the Internet is pro- 
vided to the terminal side, 

whereby when a terminal apparatus is newly 
connected to said network system, whether a cor- 
respondence relation between the identifier of the 
router which is sent from the user's side and an 
identifier of said terminal apparatus exists in said 
database or not is discriminated, and 

at least one of permission information which 
is formed when said correspondence relation exists 
and used to permit the connection of said new ter- 
minal apparatus to said network system and refusal 
information which is formed when said correspond- 
ence relation does not exist and used to refuse the 
connection of said new terminal apparatus to said 
network system is transmitted to said terminal side. 

6. A connecting method according to claim 5, wherein 

when the terminal apparatus is sold, the cor- 
respondence relation between the identifier of the 
router and the identifier of the terminal apparatus 
which is connected to the network is registered into 
said database. 

7. A connecting method according to claim 5, wherein 

when an order is made via the Internet, the 
correspondence relation between the identifier of 
the router and the identifier of the terminal appara- 
tus which is connected to the network is registered 
into said database by a person who receives said 



order. 

8. A network system which is constructed by a router 
having one identifier and one or more terminal ap- 

5 paratuses each having one identifier and connected 

to an Internet connecting apparatus via said router, 
wherein 

when a terminal apparatus is newly connect- 
ed to said network system, a correspondence rela- 

10 tlon between the identifier of the router and an iden- 
tifier of said terminal apparatus is transmitted to said 
Internet connecting apparatus, at least one of per- 
mission information and refusal information formed 
by said Internet connecting apparatus on the basis 

15 of a result of a discrimination with reference to a da- 
tabase is received, and 

the terminal apparatus can be newly connect- 
ed only in the case where a fact that said corre- 
spondence relation exists in said database is shown 

20 by at least one of said permission information and 
said refusal information. 

9. A network system according to claim 8, wherein 

when the terminal apparatus is sold, the cor- 
25 respond ence relation between the identifier of the 
router and the identifier of the terminal apparatus 
which is connected to a network is registered into 
said database. 

30 1 0. A network system according to claim 8, wherein 

when an order is made via the Internet, the 
correspondence relation between the identifier of 
the router and the identifier of the terminal appara- 
tus which is connected to a network is registered 

35 into said database by a person who receives said 
order. 

1 1 . A program for a network system which is construct- 
ed by a router having one identifier and one or more 
40 terminal apparatuses each having one identifier 
and connected to an Internet connecting apparatus 
via said router, wherein 

said program allows said network system to 
execute: 

45 

a procedure for, when a terminal apparatus is 
newly connected to said network system, trans- 
mitting a correspondence relation between the 
identifier of the router and an identifier of said 
so terminal apparatus to said Internet connecting 

apparatus; 

a procedure for receiving at least one of per- 
mission information and refusal information 
formed by said Internet connecting apparatus 
55 on the basis of a result of a discrimination with 

reference to a database; and 
a procedure for newly connecting the terminal 
apparatus only in the case where a fact that 
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said correspondence relation exists in said da- 
tabase is shown by at least one of said permis- 
sion information and said refusal information. 

12. A recording medium on which a program for a net- 
work system which is constructed by a router having 
one identifier and one or more terminal apparatuses 
each having one identifier and connected to an In- 
ternet connecting apparatus via said router has 
been recorded, wherein 

said program allows said network system to 
execute: 

a procedure for, when a terminal apparatus is 
newly connected to said network system, trans- 
mitting a correspondence relation between the 
identifier of the router and an identifier of the 
terminal apparatus to said Internet connecting 
apparatus; 

a procedure for receiving at least one of per- 
mission information and refusal information 
formed by said Internet connecting apparatus 
on the basis of a result of a discrimination with 
reference to a database; and 
a procedure for newly connecting the terminal 
apparatus only in the case where a fact that 
said correspondence relation exists in said da- 
tabase is shown by at least one of said permis- 
sion information and said refusal information. 

13. A network system in which a router and a terminal 
apparatus are connected in a wireless manner, 
wherein 

one identifier is recorded, a removable re- 
cording medium is provided, 

said recording medium is loaded into said 
router and, thereafter, attached to the terminal ap- 
paratus, and 

said router reads out said identifier, thereby 
allowing a link between the router and the terminal 
apparatus specified by said identifier to be estab- 
lished. 

14. A network system according to claim 1 3, wherein 

the identifier has previously been written onto 
said recording medium on a connecting apparatus 
side. 

15. A network system according to claim 1 3, wherein 

a point that said recording medium has been 
attached to said terminal apparatus is used as a 
condition for establishment of the link. 

16. A router for exchanging information between termi- 
nal apparatuses connected in a wireless manner, 
wherein 

one identifier is recorded, a removable re- 
cording medium is detachably provided, 



said identifier is read out from said loaded re- 
cording medium, and 

a link with the terminal apparatus which is 
specified by said identifier is established. 

5 

17. A router according to claim 16. wherein 

the identifier has previously been written onto 
said recording medium on a connecting apparatus 
side. 

10 

18. A router according to claim 16. wherein 

a point that said recording medium has been 
attached to said terminal apparatus is used as a 
condition for establishment of the link. 

15 

19. A terminal apparatus for exchanging information in 
a wireless manner, wherein 

one identifier is recorded, a removable re- 
cording medium is detachably provided, 
20 said identifier is read out from said loaded re- 

cording medium, and 

a link is established by said identifier at the 
time of wireless communication. 

25 20. A communicating method in a network system in 
which a router and a terminal apparatus are con- 
nected in a wireless manner, comprising: 

a step wherein one identifier is recorded and a 
30 removable recording medium is provided; 

a step wherein said recording medium is loaded 
into said router and said router reads out said 
identifier; 

a step wherein said recording medium is at- 
35 tached to said terminal apparatus and said ter- 

minal apparatus reads out said identifier; and 
a step wherein said router detects that said ter- 
minal apparatus is specified by said identifier, 
thereby establishing a link between said router 
40 and said terminal apparatus. 

21 . A program for a network system in which a router 
and a terminal apparatus are connected in a wire- 
less manner, one identifier is recorded, and a re- 
45 movable recording medium is provided, wherein 

said program allows said network system to 
execute: 

a step wherein said recording medium is loaded 
so into said router and said router reads out said 

identifier; 

a step wherein said recording medium is at- 
tached to said terminal apparatus and said ter- 
minal apparatus reads out said identifier; and 
55 a step wherein said router detects that said ter- 

minal apparatus is specified by said identifier, 
thereby establishing a link between said router 
and said terminal apparatus. 
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22. A recording medium on which a program for a net- 
work system in which a router and a terminal appa- 
ratus are connected in a wireless manner, one iden- 
tifier is recorded, and a removable recording medi- 
um is provided has been recorded, wherein 

said program allows said network system to 
execute: 

a step wherein said recording medium is loaded 
into said router and said router reads out said 
identifier; 

a step wherein said recording medium is at- 
tached to said terminal apparatus and said ter- 
minal apparatus reads out said identifier; and 
a step wherein said router detects that said ter- 
minal apparatus is specified by said identifier, 
thereby establishing a link between said router 
and said terminal apparatus. 

23. A network system in which a server and a router are 
connected via a network and one or more terminal 
apparatuses are connected to said router, wherein 

said server has a database in which a corre- 
spondence relation between an identifier of said 
router and identifiers of said terminal apparatuses 
connected to the network has been registered, 

when the first and second terminal apparatus- 
es communicate with each other, said server is in- 
quired about whether the identifiers of said first and 
second terminal apparatuses have been registered 
as a same group onto said database or not, and 

when said correspondence relation exists, 
said first and second terminal apparatuses can 
communicate. 

24. A network system according to claim 23, wherein 

one or more identifiers are registered into said 
database every identifier of the router. 

25. A network system according to claim 23, wherein 

the identifier of said terminal apparatus has 
been recorded on a recording medium which is re- 
movable to/from said terminal apparatus. 

26. A terminal apparatus which is connected to a net- 
work system, wherein 

when there is a communicating request from 
another terminal apparatus, an external server is in- 
quired about an identifier of said another terminal 
apparatus via a router, 

whether said another terminal apparatus be- 
longs to a same group or not is discriminated with 
reference to a database of said server, and 

only when said another terminal apparatus 
belongs to the same group, communication with 
said another terminal apparatus can be made. 

27. A terminal apparatus according to claim 26, wherein 



whether said another terminal apparatus be- 
longs to the same group or not Is determined by 
checking whether a correspondence relation be- 
tween an identifier of said router and an identifier of 
5 said terminal apparatus exists on said database or 

not. 

28. A communicating method in a network system in 
which a server and a router are connected via a net- 

10 work., one or more terminal apparatuses are con- 
nected to said router, and said server has a data- 
base in which a correspondence relation between 
an identifier of the router and identifiers of the ter- 
minal apparatuses which are connected to said net- 
's work has been registered, comprising the steps of: 

when the first and second terminal apparatuses 
communicate with each other, inquiring of said 
server about whether the identifiers of said first 
20 and second terminal apparatuses have been 

registered as a same group onto said database 
or not; and 

when said correspondence relation exists, de- 
termining that said first and second terminal ap- 
25 paratuses can communicate. 

29. A communicating method according to claim 28, 
wherein 

one or more identifiers are registered into said 
30 database every identifier of the router. 

30. A communicating method according to claim 28, 
wherein 

the identifier of said terminal apparatus has 
35 been recorded on a recording medium which is re- 
movable to/from said terminal apparatus. 

31. A program for a communicating method in a net- 
work system in which a server and a router are con- 

40 nected via a network, one or more terminal appara- 
tuses are connected to said router, and said server 
has a database in which a correspondence relation 
between an identifier of the router and identifiers of 
the terminal apparatuses which are connected to 
45 said network has been registered, wherein 

said program allows said network system to 
execute the steps of: 

when the first and second terminal apparatuses 
50 communicate with each other, inquiring of said 

server about whether the identifiers of said first 
and second terminal apparatuses have been 
registered as a same group onto said database 
or not; and 

55 when said correspondence relation exists, de- 

termining that said first and second terminal ap- 
paratuses can communicate. 
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32. A recording medium on which a program for a com- 
municating method in a network system in which a 
server and a router are connected via a network, 
one or more terminal apparatuses are connected to 
said router, and said server has a database in which 5 
a correspondence relation between an identifier of 
the router and identifiers of the terminal apparatus- 
es which are connected to said network has been 
registered has been recorded, wherein 

said program allows said network system to 10 
execute the steps of: 

when the first and second terminal apparatuses 
communicate with each other, inquiring of said 
server about whether the identifiers of said first is 
and second terminal apparatuses have been 
registered as a same group onto said database 
or not; and 

when said correspondence relation exists, de- 
termining that said first and second terminal ap- 20 
paratuses can communicate. 
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Fig. 2 
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DESCRIPTION OF REFERENCE NUMERALS 

1, 101 INTERNET 

2, 102 ISP 

3, 103 DATABASE 
12, 112 ROUTER 

13 HOME NETWORK 

14, 15, TE1 ~TE4, TE10 TERMINAL APPARATUS 

113 WIRE LAN 

114 WIRELESS LAN 
MS1~MS4, MS10 IC CARD 

51 REGISTER MT ID OF TE 

52 TE TRANSMITS MTID = B TO ROUTER 

53 ROUTER TRANSMITS HGWID = A AND MTID = B TO ISP 

54 MATCHING IS OK? 

55 ISP TRANSMITS PERMISSION MESSAGE TO ROUTER 

56 ALLOCATE IP ADDRESS TO TE 

57 ISP TRANSMITS REFUSAL MESSAGE TO ROUTER 

58 DISPLAY ERROR 

510 (ID = 4) IS REGISTERED INTO BASE DATA AND RECORDED INTO IC CARD BY 
ISP 

511 IC CARD IS INSERTED INTO ROUTER 

512 RETURN IC CARD TO TERMINAL 

513 TERMINAL NOTIFIES ROUTER OF ID = 4 

514 AUTHENTICATION OF DATA LINK LEVEL IS OK 
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521 COMMUNICATING REQUEST FROM TERMINAL (10 = 4) TO TERMINAL (ID = 3) 

522 TERMINAL (ID = 3) INQUIRES OF ISP 

523 ISP REFERS TO DATABASE 

524 (ID =3) AND (ID = 4) BELONG TO SAME GROUP? 

525 TERMINAL AUTHENTICATION IS OK 

526 SECURITY IS ESTABLISHED 

527 TERMINAL AUTHENTICATION IS NG 

528 SECURITY IS NOT ESTABLISHED 



27 



EP 1 372 301 A1 



INTERNATIONAL SEARCH REPORT 



international application No. 

PCT/JP02/02581 



A. CLASSIFICATION OF SUBJECT MATTER 

Int. CI 1 H04L12/S6, HQ4L12/28, H04L12/66 



According to International Patent Classification (IPC) or to both national classification and IPC 
B, FIELDS SEARCHED 

Minimum documentation searched (classification system followed by classification symbols) 
Int. CI 7 H04L12/56, H04L12/28, H04L12/66, H0419/32 



Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 
Jitsuyo Shinan Koho 1926-1996 Toroku Jitsuyo Shinan Koho 1994-2002 

Kbkai Jitsuyo Shinan Koho 1971-2002 Jitsuyo Shinan Toroku Koho 1996-2002 

Electronic data base consulted during the international search (name of data base and, where practicable, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category* 


Citation of document, with indication, where appropriate, of the relevant passages 


Relevant to claim No. 


P,X 
P/Y 


JP 2001-144812 A (Sharp Corp.), 
25 May, 2001 (25.05.01), 
Full text; all drawings 
(Family: none) 


1-12 
23-32 


Y 


JP 2000-236342 A (Nippon Telegraph And Telephone 
Corp. ) , 

29 August, 2000 (29.08.00), 

Par. Nos. [0004] to [0006]; Figs. 1, 8 

(Family: none) 


13-22 


Y 


JF 10-285658 A (Canon Inc.), 
23 October, 1998 (23.10.98), 
Abstract; Claims 1, 2; Par. No. [0025] 
(Family: none) 


13-22 



|"x"j Further documents are listed in the continuation of Box C. j | See patent family annex. 



" Special categories of cited documents: T later document published after the international filing dare or 
"A" docaroent defining the general state of die ait which is not priority data and not in conflict with the application but cited to 

considered to be of particular relevance understand the principle or theory underlying the invention 

"E" earlier document but published on or after the international filing *X" document of particular relevance; the d aimed invention cannot be 

date considered novel or cannot be considered to involve an inventive 

"L" document which may throw doubts on priority daim(s) or which is step when the document is taken alone 

cited to establish the publication date of another dtation or other **Y~ document of particular relevance; the daitned invention cannot be 

special reason (as specified) considered to Involve an inventive step when the document is 

"O* document referring to an oial disclosure, use, exhibition or other combined with one or more other such documents, such 

means combination being obvious to a person skilled in the art 



"P" document published prior to the international filing date but later 
than the priority date daimcd 


document member of tke same patent family 


Date of the actual completion of the international search 
24 April, 2002 (24.04.02) 


Date of mailing of the international search report 
14 May, 2002 (14.05.02) 


Name and mailing address of the ISA/ 

Japanese Patent Off. ice 


Authorized officer 


Facsimile No. 


Telephone No. 



Form PCT/1SA7210 (second sheet) (July 1998) 



28 



EP 1 372 301 A1 



INTERNATIONAL SEARCH REPORT 



Internationa] application No. 

PCT/JP02/02561 



C (Continuation). DOCUMENTS CONSIDERED TO BE RELEVANT 



Category* 



Citation of document, with Indication, where appropriate, of ±e relevant passages 



JP 2001-189722 A (Toshiba Corp.), 
10 July, 2001 (10.07.01), 
Abstract; Par. Nos. [0033] to [0061] 
(Family: none) 

JP 2001-53901 A (Sony Corp. ) , 
23 February, 2001 (23.02.01), 
Claims 1 to 3; Fig. 1 
(Family: none) 

JP 11-331181 A (Toppan Printing Co., Ltd.), 
30 November, 1999 (30.11.99), 
Par. Nos- [0006J- to [0010] 
(Family: none) 

JP 2001-306519 A (NTT Communications Kabushiki 
Kaisha) , 

02 November, 2001 (02.11.01), 
Par. Nos. [0030] to [0045] 
(Family: none) 



Relevant to claim No. 



P/Y 



?,A 



13-22 



23-32 



1-32 



1-32 



Form PCT/ISA/210 (continuation of second sheet) (July 199S) 



29 



EP 1 372 301 A1 



INTERNATIONAL SEARCH REPORT 



International application No. 

PCT/JP02/02581 



Box I Observations where certain claims were found unsearchable (Continuation of item 1 of first sheet) 

This international search report has not been established in respect of certain claims under Article 17(2)(a) for the following reasons: 



because they are dependent claims and are not drafted in accordance with the second and third sentences of Rule 6.4(a). 



Box II Observations where unity of invention is lacking (Continuation of Hem 2 of First sheet) 

This International Searching Authority found multiple inventions in this international application, as follows: 

Claims 1-12 are directed to an idea of permitting a connection to a terminal 
which has made a connection request if the correspondence relationship between 
the terminal and a router which has received the connection request is 
registered in a connection permission table. 

Claims 13-22 are directed to an idea of assigning the same identifier to 
a router which receives a connection request and a terminal which makes the 
connection request and allowing the router to permit the connection of the 
terminal which has the same identifier as that of the router. 



1 , pT] As all required additional search fees were timely paid by the applicant, this international search report covers all searchable 



1. f~] aaimsNos.: 

because they relate (o subject matter not required to be searched by this Authority, namely: 



2. [~~[ aaimsNos.: 

because they relate to parts of the international application that do not comply with the prescribed requirements to such an 
extent that no meaningful international search can be carried out, specifically: 




daims. 



2 - a 



As all searchable claims could be searched without effort justifying an additional fee, this Authority did not invite payment 
of any additional fee. 



3 □ 



As only some of the required additional search fees were timely paid by the applicant, this international search report covers 
only those claims for which fees were paid , specifically daims Nos.: 



*■ □ 



No required additional search fees were timely paid by the applicant. Consequently, this international search report is 
restricted to the invention first mentioned in the claims; it is covered by claims Nos^ 




Form PCT/ISA/210 (continuation of first sheet (1)) (July 1998) 



30 



EP 1 372 301 A1 



INTERNATIONAL SEARCH REPORT 



International application No. 

PCT/JP02/02581 



Continuation of Box No. II of continuation of first sheet fl) 

Claims 23-32 are directed to an idea of determining 
permission/rejection of communication between terminals depending on 
whether or not the terminals belong to the same group. 
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general inventive concept. 
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